[tor-bugs] #31836 [Core Tor]: Idea for the realization of chats via the Tor network

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Sep 24 00:53:56 UTC 2019


#31836: Idea for the realization of chats via the Tor network
------------------------------+--------------------------
 Reporter:  Researching girl  |          Owner:  (none)
     Type:  enhancement       |         Status:  new
 Priority:  Medium            |      Component:  Core Tor
  Version:                    |       Severity:  Normal
 Keywords:                    |  Actual Points:
Parent ID:                    |         Points:
 Reviewer:                    |        Sponsor:
------------------------------+--------------------------
 Hello.

 If some Tor server operators also support a feature to receive messages
 from chat users in a chat group and then send them to the chat recipient
 in the chat group, I can imagine programming a client to do so.

 1 - There should be a registry where you can create a chat group to get an
 anonymous group ID. If you have to visit a website whose address ends with
 ".onion", that would be fine too. But then a code would have to be
 downloaded before, which would encrypt the data for the registry
 completely by means of a password, which the caller enters, before it is
 sent to the registry. So that unwanted can see neither the ID, nor the
 name of the chat group, nor the description of the chat group.

 2 - Once at least one chat user in the chat group logs in using a key
 received from the chat group creator, the registrar must encourage the
 selection of a Tor server that supports this chat communication. Always
 after a certain amount of time, you must switch to a different Tor server.
 This must happen from the registrar, the previous Tor server must not know
 the new Tor server. So the information must be sent directly from the
 registrar to all chat members, or encrypted in the usual way via the Tor
 server to be left. The clients of chat members who are not online at this
 moment will then be notified of the current Tor server as usual the next
 time they go online.

 3 - All chat users in the chat group who are logged in must be sent the ID
 of the Tor server through which the chat communication is currently being
 transported.

 4 - I will program the chat client so that before sending the text
 message, the message is encrypted using the key from the chat group
 creator. Only recipients who have this key can decrypt the message. So I
 will program the client so that after the receipt, before the message is
 displayed, it is decrypted again. Which of course only works if you have
 the right key. If you don't have the right key, you don't know the ID in
 the registry, you can't see which Tor server the communication is running
 on and you don't even see the chat users of the chat group.

 5 - The chat group creator must set a secure password to create a chat
 group, which is used for encrypted communication between him and the
 registrar and authorizes him to administer and then upload a key that he
 gives to all chat users who are supposed to be able to see his chat group
 and communicate there.

 6 - It is not necessary for the members of the chat group to be in the
 registry and it is much safer. Each member of the chat group authorizes
 himself each time with the key to log in. If the chat group creator wants
 to expel a member without sending a new key to all desired members of the
 chat group, he can enter it in the registry as "not authorized". If the
 now excluded chatter then logs on, he will not get the address of the
 current Tor server over which the communication is transported once more
 from the registry. However, if the user changes his or her user ID, this
 protection no longer applies. As a countermeasure, I can imagine that the
 chat group creator can request a new key via the registry, but the old key
 will continue to apply until the clients of all chat members have received
 the new key. The chat user to be excluded will be excluded.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31836>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list